The Human Factor

Posted on by

The work conducted by humans and the work conducted by technology within the cybersecurity field are not separate categories. They go together and there is a tradeoff between the two, with some funds allocated to training human workers and others allocated to the technology used to assist humans. However, there are weaknesses within the ability of humans to ensure the safety of the assets they are tasked with protecting. According to the Psych-Technological Matrix of Cybersecurity Threats, of which there are nine different areas, “… only three do not involve human psychology while six either may to some extent rely on human psychology or have human psychology as a key factor” (Pogrebna-Taratine, 2020). This means that most threats exploit some element of human behavior to achieve their end goal. Some elements of your security measures must not be managed directly by humans and some sort of technology should be tasked with managing the measures. This includes automating areas like data logging or virus protection to take out the element of human hesitation or confusion. Human data loggers would have to either decide what data is important before logging or work constantly to ensure the data is up to date. However, an automated system can simply log and keep track of all data constantly while also monitoring it for anomalous activities and taking the appropriate actions to combat possible threats (Capone, 2018). With these factors in mind, I think I would focus on mostly automating jobs that can be done by technology much more efficiently while training human workers to recognize possible social engineering methods. The main job of the workers would be ensuring the systems are working properly as well as looking for possible intrusions that the machines missed. By partially removing the human factor, many social engineering loopholes used by hackers could be removed while still ensuring security with the automated systems. Professionals would still be used but would be there to defend against detected intrusions and maintain the automated systems rather than being the first line of defense against possible attacks. The systems could also be constantly updated to account for new methods to ensure they do not allow new methods of attack to go unnoticed.

Works Cited

Pogrebna, Ganna, and Boris Taratine. “Cybersecurity as a Behavioural Science: Part 1.” CyberBitsEtc, 14 Feb. 2020, https://www.cyberbitsetc.org/post/cybersecurity-as-a-behavioural-science-part-1#:~:text=The%20main%20advantage%20of%20looking,new%20risks%20and%20vulnerabilities%20by.

Capone, Jeff. “The Impact of Human Behavior on Security.” CSO Online, 25 May 2018, https://www.csoonline.com/article/3275930/the-impact-of-human-behavior-on-security.html.

Leave a Reply

Your email address will not be published. Required fields are marked *